Paper details
Security Architectures: Strategies & Designs
Key Concepts:
Security Strategies
Layered Security (Security in Depth)
Defense-in-Depth
Network Security Strategies
Demilitarized Zones (DMZ’s)
Enterprise Architectures & Secure Architecture Design
Tools for Building Enterprise Architectures
This week, we begin with a set of readings about two related Security Strategies — security in depth and
defense in depth. These strategies are used in IT security but were developed and are applied in many
different aspects of defense and security. After considering out these two security strategies can be applied
to information infrastructures, we then move on to considering Enterprise Architectures and how they can
be used to define and document the changes from the current or as-is state of security to a desired or to-be
state for securing the information enterprise (using one or both of the “in depth” strategies).
Building an Enterprise Architecture requires that we first know what assets make up the enterprise’s
information infrastructure (end point devices, servers, networks and network connections, applications,
databases, cloud resources, etc.) and how they are connected to each other. The documentation that
provides this information is an Enterprise Architecture (EA). Depending upon the methodology used, the
enterprise architecture can range from a set of labeled interconnection diagrams to a much more complex
set of documentation that extends beyond the technologies to incorporate business processes, standards,
and more.
There are many different styles and/or frameworks in use for defining what an enterprise architecture is, the
processes required to create it, and the types of information provided in each type of EA artifact (document
or drawing). The main ones in use today are:
Department of Defense Architecture Framework (DoDAF)
Federal Enterprise Architecture Framework
The Open Group Architecture Framework (TOGAF)
Zachman Framework
Note: Throughout this course, you have seen diagrams of the Sifers-Grayson IT enterprise. These are
simplified versions of diagrams used as part of a comprehensive Enterprise Architecture.
The reading “On small-scale IT users’ system architectures and cyber security: A UK case study”
introduces small scale organizations and how they can benefit from developing an enterprise architecture
for their organization. (Note: in this article, the authors use the term “architecture” by itself to refer to the
enterprise architecture.)
It is important to note that our focus this week is not so much on the question of “what is” an enterprise
architecture as it is on the role that enterprise architectures can play in securing information, information
systems, and information infrastructures throughout and across the Sifers-Grayson enterprise. As you read
the readings, your emphasis should be upon developing a high-level understanding of how enterprise
architectures are used in the context of understanding and improving the security posture of an information
infrastructure / enterprise.
For this short paper activity, you will learn about the three delays model, which explains…
Topic : Hospital adult medical surgical collaboration area a. Current Menu Analysis (5 points/5%) Analyze…
As a sales manager, you will use statistical methods to support actionable business decisions for Pastas R Us,…
Read the business intelligence articles: Getting to Know the World of Business Intelligence Business intelligence…
The behaviors of a population can put it at risk for specific health conditions. Studies…